- Research Article
- Open Access
Detecting Distributed Network Traffic Anomaly with Network-Wide Correlation Analysis
EURASIP Journal on Advances in Signal Processing volume 2009, Article number: 752818 (2008)
Distributed network traffic anomaly refers to a traffic abnormal behavior involving many links of a network and caused by the same source (e.g., DDoS attack, worm propagation). The anomaly transiting in a single link might be unnoticeable and hard to detect, while the anomalous aggregation from many links can be prevailing, and does more harm to the networks. Aiming at the similar features of distributed traffic anomaly on many links, this paper proposes a network-wide detection method by performing anomalous correlation analysis of traffic signals' instantaneous parameters. In our method, traffic signals' instantaneous parameters are firstly computed, and their network-wide anomalous space is then extracted via traffic prediction. Finally, an anomaly is detected by a global correlation coefficient of anomalous space. Our evaluation using Abilene traffic traces demonstrates the excellent performance of this approach for distributed traffic anomaly detection.
To access the full article, please see PDF.
About this article
Cite this article
Zonglin, L., Guangmin, H., Xingmiao, Y. et al. Detecting Distributed Network Traffic Anomaly with Network-Wide Correlation Analysis. EURASIP J. Adv. Signal Process. 2009, 752818 (2008). https://doi.org/10.1155/2009/752818
- Excellent Performance
- Anomaly Detection
- Abnormal Behavior
- Full Article
- Traffic Signal